1 Answer
1

A hash(x) signature has no dependence on the transaction itself. As such, it is only a "signer" in the sense that it adds signing weight to a transaction. Once anyone has seen the corresponding hash preimage, they can reuse that preimage to "sign" an arbitrary transaction.

The main purpose of hash(x) transactions is to coordinate atomic cross-chain swaps.

Suppose I agree to give you 1 BTC in exchange for 25,000 XLM, but we don't trust each other. What we can do is set up an escrow account on stellar to give me 25,000 XLM when when the x is revealed for some hash(x) signer (so basically there is signing threshold 2, and the hash(x) and a pre-signed transaction each have signing weight 1). And on the bitcoin blockchain we set up a UTXO that gives you 1 BTC in exchange for revealing the same preimage x.

Now obviously one of us knows x and the other doesn't, so we compensate with appropriate sequencing and timeouts. Let's say you know x, then I create the 1 BTC UTXO such that I can take back the 1 BTC if you haven't submitted x in 24 hours. But before I've set this up, I insist that you create the 25,000 XLM escrow account that will pay out to me on revealing x. To protect yourself, you set a second preauth transaction (weight 2) so that you can take back the funds in 1 week if I fail to set up my 1 BTC UTXO. With both accounts created, you claim the 1 BTC by submitting a bitcoin transaction containing x, and I pull x out of the bitcoin history to claim the 25,000 XLM.